3.7 KiB
3.7 KiB
title | sidebar | showTitle |
---|---|---|
Setup SSL locally | Handbook | true |
Setting up HTTPS locally can be useful if you're trying to debug hard to replicate issues (e.g cross domain cookies, etc).
There are two ways you can get HTTPS locally:
- ngrok
- NGINX and a local certificate.
The easiest option is to use ngrok.
Set up SSL via ngrok
-
Make sure you have ngrok installed.
-
Sign up for an ngrok account (or sign in with GitHub) and run
ngrok authtoken <TOKEN>
-
Edit
$HOME/.ngrok2/ngrok.yml
and add the following after the line withauthtoken: <TOKEN>
:
tunnels:
django:
proto: http
addr: 8000
webpack:
proto: http
addr: 8234
- Start ngrok. This will give you tunnel URLs such as https://68f83839843a.ngrok.io
ngrok start --all
- Copy the HTTPS URL for the tunnel to port 8234 and set it as the value for the
JS_URL
environment variable. Then, start webpack:
export WEBPACK_HOT_RELOAD_HOST=0.0.0.0
export LOCAL_HTTPS=1
export JS_URL=https://68f83839843a.ngrok.io
yarn start
- Use the same URL as the value for
JS_URL
again and start the Django server
export DEBUG=1
export LOCAL_HTTPS=1
export JS_URL=https://68f83839843a.ngrok.io
python manage.py runserver
- Open the HTTPS URL for the tunnel to port 8000.
Tips & Tricks
If you're testing the Toolbar, make sure to add the ngrok urls to the list on the 'Project Settings' page.
Also, watch out, network requests can be slow through ngrok:
Set up SSL via NGINX and a local certificate
- Update openssl if "openssl version" tells you "LibreSSL" or something like that.
In case brew install openssl
and brew link openssl
don't work well, use
/usr/local/opt/openssl/bin/openssl
instead of openssl
in the next step.
- Create key
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout localhost.key -out localhost.crt -subj "/CN=secure.posthog.dev" \
-addext "subjectAltName=DNS:secure.posthog.dev,IP:10.0.0.1"
- Trust the key for Chrome/Safari
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain localhost.crt
- Add
secure.posthog.dev
to /etc/hosts
127.0.0.1 secure.posthog.dev
- Install nginx (
brew install nginx
) and add the following config in/usr/local/etc/nginx/nginx.conf
upstream backend {
server 127.0.0.1:8000;
}
server {
server_name secure.posthog.dev;
rewrite ^(.*) https://secure.posthog.dev$1 permanent;
}
server {
listen 443 ssl;
server_name secure.posthog.dev;
ssl_certificate /Users/timglaser/dev/localhost.crt;
ssl_certificate_key /Users/timglaser/dev/localhost.key ;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://backend;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /static/ {
proxy_pass http://127.0.0.1:8234/static/;
}
}
- Add the following command to start nginx
nginx -p /usr/local/etc/nginx/ -c /usr/local/etc/nginx/nginx.conf
- You can stop the nginx server with
nginx -p /usr/local/etc/nginx/ -c /usr/local/etc/nginx/nginx.conf -s stop
- To run local development, use
bin/start-http